Towards a Security Policy for Ubiquitous Healthcare Systems (Position Paper)

  • Joonwoong Kim
  • Alastair R. Beresford
  • Frank Stajano
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4412)


U-Healthcare promises increases in efficiency, accuracy and availability of medical treatment; however it also introduces the potential for serious abuses including major privacy violations, staff discrimination and even life-threatening attacks.

In this position paper we highlight some potential threats and open the discussion about the security requirements of this new scenario. We take a few initial steps towards a U-Healthcare security policy and propose a system architecture designed to help enforce the policy’s goals.


Sensor Data Security Policy Body Sensor Clinical Information System Protection Goal 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Anderson, R.: Security in Clinical Information Systems. BMA Report. British Medical Association (Jan. 1996),
  2. 2.
    Anderson, R.: A security policy model for clinical information systems. In: IEEE Symposium on Security and Privacy, IEEE Computer Society Press, Los Alamitos (1996), Google Scholar
  3. 3.
    Anderson, R.: An Update on the BMA Security Policy. In: Cambridge workshop on Personal Information — Security, Engineering and Ethics (1996),
  4. 4.
    Anderson, R.: Healthcare Protection Profile — Comments (1998),
  5. 5.
    Beckwith, R.: Designing for Ubiquity: The Perception of Privacy. IEEE Pervasive Computing 2(2), 40–46 (2003)CrossRefGoogle Scholar
  6. 6.
    Bohn, J., Gärtner, F., Vogt, H.: Dependability Issues of Pervasive Computing in a Healthcare Environment. In: Hutter, D., et al. (eds.) Security in Pervasive Computing. LNCS, vol. 2802, Springer, Heidelberg (2004)Google Scholar
  7. 7.
    Cherry, S.: Total Recall. IEEE Spectrum 42(11) (2005),
  8. 8.
    Clayton, P.D.: For the Record: Protecting Electronic Health Information. National Academy Press, Washington DC (1997)Google Scholar
  9. 9.
    Gostin, L.: Health Care Information and the Protection of Personal Privacy: Ethical and Legal Considerations. Annals of Internal Medicine 127(5) (1997),
  10. 10.
    Jiang, X., Landay, J.A.: Modeling privacy control in context-aware systems. IEEE Pervasive Computing 1(3) (2002),
  11. 11.
    Korhonen, I., Pärkkä, J., Van Gils, M.: Health Monitoring in the Home of the Future. IEEE Engineering in Medicine and Biology Magazine 22(3), 66–73 (2003)CrossRefGoogle Scholar
  12. 12.
    Langheinrich, M.: Privacy by Design — Principles of Privacy-Aware Ubiquitous Systems. In: Ubicomp 2001 (2001),
  13. 13.
    Lowrance, W.W.: Privacy and health research a report to the U.S. Secretary of Health and Human Services. U.S. Department of Health and Human Services (1997)Google Scholar
  14. 14.
    Malan, D., Fulford-Jones, T., Welsh, M.: CodeBlue: An Ad Hoc Sensor Network Infrastructure for Emergency Medical Care. In: International Workshop on Wearable and Implantable Body Sensor Networks (April 2004),
  15. 15.
    Health Privacy Project. Medical Privacy Stories (Nov. 2003),
  16. 16.
    Reid, J., et al.: A Novel Use of RBAC to Protect Privacy in Distributed Health Care Information Systems. In: Eighth Australasian Conference on Information Security and Privacy (ACISP 2003) (2003)Google Scholar
  17. 17.
    Rindfleisch, T.C.: Privacy, information technology, and health care. Communications of the ACM 40(8) (1997)Google Scholar
  18. 18.
    Rubin, A.: Records No Longer for Doctors’ Eye Only. Los Angeles Times, (1 Sept., 1998)Google Scholar
  19. 19.
    Zhang, L., Ahn, G.-J., Chu, B.-T.: A role-based delegation framework for healthcare information systems. In: The Seventh ACM Symposium on Access Control Models and Technologies (SACMAT’02), ACM Press, New York (2002)Google Scholar

Copyright information

© Springer Berlin Heidelberg 2007

Authors and Affiliations

  • Joonwoong Kim
    • 1
  • Alastair R. Beresford
    • 1
  • Frank Stajano
    • 1
  1. 1.University of Cambridge Computer Laboratory, 15 JJ Thomson Avenue, Cambridge CB3 0FDUnited Kingdom

Personalised recommendations